| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content |
| Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control |
| WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site |
| Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack |
| Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. |
| Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. |
| LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. |
| phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters |
| MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user |
| An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
| An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. |
| MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information |
| PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). |
| A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2. |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. |
| A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. |
| Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0. |
| The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method). |
| Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. |
